Total: 4180 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-10955 | 1 Emc | 1 Data Protection Advisor | 2024-11-21 | 8.8 High |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Was ZDI-CAN-4697. NOTE: Dell EMC disputes that this is a vulnerability. | ||||
CVE-2017-10953 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5030. | ||||
CVE-2017-10951 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4724. | ||||
CVE-2017-10904 | 1 Qt | 1 Qt | 2024-11-21 | N/A |
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
CVE-2017-10902 | 1 Princeton | 2 Ptw-wms1, Ptw-wms1 Firmware | 2024-11-21 | N/A |
PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
CVE-2017-10832 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2024-11-21 | N/A |
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
CVE-2017-10813 | 1 Corega | 2 Wlr 300 Nm, Wlr 300 Nm Firmware | 2024-11-21 | N/A |
CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | ||||
CVE-2017-10811 | 1 Buffalo | 2 Wcr-1166ds, Wcr-1166ds Firmware | 2024-11-21 | N/A |
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | ||||
CVE-2017-1000502 | 1 Jenkins | 1 Ec2 | 2024-11-21 | N/A |
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators. | ||||
CVE-2017-1000487 | 3 Codehaus-plexus, Debian, Redhat | 4 Plexus-utils, Debian Linux, Jboss Amq and 1 more | 2024-11-21 | 9.8 Critical |
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. | ||||
CVE-2017-1000473 | 1 Linux-dash Project | 1 Linux-dash | 2024-11-21 | N/A |
Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root. | ||||
CVE-2017-1000393 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
In Jenkins 2.73.1 and earlier, and 2.83 and earlier, users with permission to create or configure agents could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators. | ||||
CVE-2017-1000235 | 1 I-librarian | 1 I Librarian | 2024-11-21 | N/A |
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php, resulting in the web server being fully compromised. | ||||
CVE-2017-1000220 | 1 Pidusage Project | 1 Pidusage | 2024-11-21 | N/A |
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module, resulting in arbitrary command execution. | ||||
CVE-2017-1000219 | 1 Windows-cpu Project | 1 Windows-cpu | 2024-11-21 | N/A |
npm/KyleRoss windows-cpu: all versions are vulnerable to command injection, resulting in code execution as the Node.js user. | ||||
CVE-2017-1000215 | 1 Xrootd | 1 Xrootd | 2024-11-21 | N/A |
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution. | ||||
CVE-2017-1000214 | 1 Gitphp Project | 1 Gitphp | 2024-11-21 | N/A |
GitPHP by xiphux is vulnerable to OS Command Injections. | ||||
CVE-2017-1000203 | 1 Cern | 1 Root | 2024-11-21 | N/A |
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution. | ||||
CVE-2017-1000159 | 1 Gnome | 1 Evince | 2024-11-21 | N/A |
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. | ||||
CVE-2017-1000116 | 3 Debian, Mercurial, Redhat | 9 Debian Linux, Mercurial, Enterprise Linux and 6 more | 2024-11-21 | N/A |
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. |